Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
paullondon
New Member

Access control using organisation Active Directory

‎03-18-2021 04:51 AM

Hi All,

 

A client would like to control access to Power BI using existing Active Directory Roles within their organisation.

 

For example, they could create roles called bi_sales, bi_operations, bi_management. And then tell Power BI to allow access to content (workspace, reports or dashboards) to specific user roles.  This way they do not have to come into Power Bi and Share with specific people.  The publisher/admin would simply publish a report and configure Power BI to allow access to say bi_operations and bi_management only.

 

Is this possible?

 

I understand we could connect to AD and import all users and groups but that is a solution for RLS more than overall access to the content itself.

 

Apologies if this has been covered before.  I am struggling to get a good steer on how this works.

 

Many thanks,

Paul

 

Labels:
Message 1 of 4
1,526 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

View solution in original post

Message 2 of 4
1,500 Views
3 REPLIES 3
lbendlin
Super User
Super User

‎03-24-2021 04:46 AM

Check RADACAD - they have many articles where this topic is covered.

Message 4 of 4
1,475 Views
0
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

Message 2 of 4
1,501 Views
paullondon
New Member
In response to lbendlin

‎03-24-2021 03:51 AM

Many thanks.  Would you have a link to a Doc on this as I cannoot find such examples within the Microsoft Docs.

Message 3 of 4
1,478 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All